There is good and bad news around cybersecurity these days. The good news is that many CEOs and corporate boards no longer accept “good enough” security, and are willing to invest in best practices and leading security defenses to protect their organizations. So what’s the bad news? Many organizations continue to think of cyber-risk in terms of internal network penetration rather than as a more comprehensive strategy that includes all digital assets - websites, social networks, VIP and third-party partner exposure, etc. To address these risks, CISOs and risk officers must adopt a thorough digital risk management strategy that includes monitoring, filtering, prioritizing, and responding to threats across the public Internet and dark web. Digital Shadows specializes in this area and can help organizations with digital risk mitigation.
Other content in this Stream
A recently discovered campaign has used the legitimate storage services of BitBucket to facilitate malware distribution and increase the perceived trust between an unknown threat actor and a targeted
We define the strengths and weaknesses of ACH in the cyber-threat domain, with a "customer-centric" view that can aid analysts in presenting intelligence to a decision maker.
This blog is intended to highlight the flourishing scene on criminal marketplaces for airline-related information.
Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are...
Competitions have been a feature of the Russian-language cybercriminal scene practically since the advent of cybercriminal forums ...
January was a looooong year. Anyone else? In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for integrating these frameworks...
Is there real value in threat intelligence? How can we leverage threat intelligence and make use of it in any meaningful way?
Here at Digital Shadows we spend quite a bit of time attacking, defending and researching Windows AD environments, so we thought we’d chip in with a list of controls that we have found to give ...
![SANS CTI Summit, Snake Ransomware, CacheOut, And Citrix Vuln Update [Podcast]](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fcontent.cdntwrk.com%2Ffiles%2FaHViPTY4NzA5JmNtZD1pdGVtZWRpdG9yaW1hZ2UmZmlsZW5hbWU9aXRlbWVkaXRvcmltYWdlXzVlMzQ1ZmViOTQ2ODAuanBnJnZlcnNpb249MDAwMCZzaWc9M2ZhYjQ4Mjk0ZmNlNzU3ZTMxYmYxMDE5ZTk1MzY4N2Y%25253D&size=1&version=1581863279&sig=9658db15b14f5226ff4a44faed68d1f9&default=hubs%2Ftilebg-blogs.jpg)
Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison, Alex, Kacey, and Charles talk through other top stories of the week.
This blog discusses how different CTI frameworks can co-exist, and suggests some practical rules to bear in mind when integrating these frameworks into intelligence practices.
In many cases the cybercriminal underground is a lot more familiar than you might be led to believe...
In this blog series, we’ll share some tales from the front lines – keeping client names anonymous, of course. We’ll investigate some of SearchLight’s most impactful findings, and more importantly, she
On December 17th 2019, CVE-2019-19781 was disclosed. The vulnerability allows for directory traversal and remote code execution on Citrix ...
Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United ...
The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can ...
There are useful precedents that can assist when we consider how this will unfold in the near-term future.
In this blog, we discuss several significant trends and events that have helped shape the cyber threat landscape, all of which will almost certainly continue through 2020.
